<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <title>【操作系统】Linux基础命令 | 狼组安全团队公开知识库</title>
    <meta name="description" content="">
    <meta name="generator" content="VuePress 1.7.1">
    <link rel="icon" href="/assets/logo.svg">
    <script type="text/javascript" src="/assets/js/push.js"></script>
    <meta name="description" content="致力于打造信息安全乌托邦">
    <meta name="referrer" content="never">
    <meta name="keywords" content="知识库,公开知识库,狼组,狼组安全团队知识库,knowledge">
    <link rel="preload" href="/assets/css/0.styles.32ca519c.css" as="style"><link rel="preload" href="/assets/js/app.f7464420.js" as="script"><link rel="preload" href="/assets/js/2.26207483.js" as="script"><link rel="preload" href="/assets/js/17.627e2976.js" as="script"><link rel="prefetch" href="/assets/js/10.55514509.js"><link rel="prefetch" href="/assets/js/11.ec576042.js"><link rel="prefetch" href="/assets/js/12.a5584a2f.js"><link rel="prefetch" href="/assets/js/13.c9f84b2e.js"><link rel="prefetch" href="/assets/js/14.d2a5440c.js"><link rel="prefetch" href="/assets/js/15.2f271296.js"><link rel="prefetch" href="/assets/js/16.0895ce42.js"><link rel="prefetch" href="/assets/js/18.73745a4c.js"><link rel="prefetch" href="/assets/js/19.19350186.js"><link rel="prefetch" href="/assets/js/20.e4eac589.js"><link rel="prefetch" href="/assets/js/21.fc0657ba.js"><link rel="prefetch" href="/assets/js/22.f4a1220f.js"><link rel="prefetch" href="/assets/js/23.c8cce92d.js"><link rel="prefetch" href="/assets/js/24.46225ec2.js"><link rel="prefetch" href="/assets/js/25.9b6d75e4.js"><link rel="prefetch" href="/assets/js/26.288f535e.js"><link rel="prefetch" href="/assets/js/27.865bdc75.js"><link rel="prefetch" href="/assets/js/28.f4224fef.js"><link rel="prefetch" href="/assets/js/29.6393a40b.js"><link rel="prefetch" href="/assets/js/3.a509f503.js"><link rel="prefetch" href="/assets/js/30.d5a49f97.js"><link rel="prefetch" href="/assets/js/31.eb3647df.js"><link rel="prefetch" href="/assets/js/32.7f48a571.js"><link rel="prefetch" href="/assets/js/33.1f374ffa.js"><link rel="prefetch" href="/assets/js/34.5a911179.js"><link rel="prefetch" href="/assets/js/35.d2bcc7ef.js"><link rel="prefetch" href="/assets/js/36.42e440bd.js"><link rel="prefetch" href="/assets/js/37.dedbbdea.js"><link rel="prefetch" href="/assets/js/38.d68d1f69.js"><link rel="prefetch" href="/assets/js/39.e278f860.js"><link rel="prefetch" href="/assets/js/4.35636da8.js"><link rel="prefetch" href="/assets/js/40.97f4e937.js"><link rel="prefetch" href="/assets/js/41.38630688.js"><link rel="prefetch" href="/assets/js/42.cae56aa5.js"><link rel="prefetch" href="/assets/js/43.61a04b16.js"><link rel="prefetch" href="/assets/js/44.5c6230f2.js"><link rel="prefetch" href="/assets/js/45.0f1355ae.js"><link rel="prefetch" href="/assets/js/46.c1906649.js"><link rel="prefetch" href="/assets/js/47.7ae220ce.js"><link rel="prefetch" href="/assets/js/48.59af224e.js"><link rel="prefetch" href="/assets/js/49.6a33a171.js"><link rel="prefetch" href="/assets/js/5.08ab40ee.js"><link rel="prefetch" href="/assets/js/50.f14601d2.js"><link rel="prefetch" href="/assets/js/51.f20841fd.js"><link rel="prefetch" href="/assets/js/52.fb0a5327.js"><link rel="prefetch" href="/assets/js/53.8013048c.js"><link rel="prefetch" href="/assets/js/54.d132c2f8.js"><link rel="prefetch" href="/assets/js/55.87aa8b5d.js"><link rel="prefetch" href="/assets/js/56.161f38ad.js"><link rel="prefetch" href="/assets/js/57.bd6a2ef2.js"><link rel="prefetch" href="/assets/js/58.8a69f15a.js"><link rel="prefetch" href="/assets/js/59.93c0e2de.js"><link rel="prefetch" href="/assets/js/6.fda5ce3a.js"><link rel="prefetch" href="/assets/js/60.10091d44.js"><link rel="prefetch" href="/assets/js/61.cd1e3b10.js"><link rel="prefetch" href="/assets/js/62.9c0ad8c5.js"><link rel="prefetch" href="/assets/js/63.4a8dd9d2.js"><link rel="prefetch" href="/assets/js/64.6bf3fede.js"><link rel="prefetch" href="/assets/js/65.7a2ccc50.js"><link rel="prefetch" href="/assets/js/66.874d563b.js"><link rel="prefetch" href="/assets/js/67.bb86eab2.js"><link rel="prefetch" href="/assets/js/68.c1db2a2b.js"><link rel="prefetch" href="/assets/js/69.8141480b.js"><link rel="prefetch" href="/assets/js/7.d1fe6bef.js"><link rel="prefetch" href="/assets/js/70.9fb74c80.js"><link rel="prefetch" href="/assets/js/71.d1e4e9ab.js"><link rel="prefetch" href="/assets/js/72.e6bf83fb.js"><link rel="prefetch" href="/assets/js/73.6dd6c980.js"><link rel="prefetch" href="/assets/js/74.3612ba47.js"><link rel="prefetch" href="/assets/js/75.6e1a2434.js"><link rel="prefetch" href="/assets/js/76.5bfa4bcc.js"><link rel="prefetch" href="/assets/js/77.784df031.js"><link rel="prefetch" href="/assets/js/78.aa94a0a0.js"><link rel="prefetch" href="/assets/js/79.c4e9a4f2.js"><link rel="prefetch" href="/assets/js/8.63fd05d7.js"><link rel="prefetch" href="/assets/js/80.8d47d1f7.js"><link rel="prefetch" href="/assets/js/81.1160b022.js"><link rel="prefetch" href="/assets/js/82.7d17e5c8.js"><link rel="prefetch" href="/assets/js/83.a2ff144a.js"><link rel="prefetch" href="/assets/js/84.53d29383.js"><link rel="prefetch" href="/assets/js/9.b49161a4.js">
    <link rel="stylesheet" href="/assets/css/0.styles.32ca519c.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="ant-row"><div class="nav-button"><i aria-label="icon: bars" class="anticon anticon-bars"><svg viewBox="0 0 1024 1024" focusable="false" data-icon="bars" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M912 192H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 284H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 284H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM104 228a56 56 0 1 0 112 0 56 56 0 1 0-112 0zm0 284a56 56 0 1 0 112 0 56 56 0 1 0-112 0zm0 284a56 56 0 1 0 112 0 56 56 0 1 0-112 0z"></path></svg></i> <span></span></div> <div class="ant-col ant-col-xs-24 ant-col-sm-24 ant-col-md-6 ant-col-lg-5 ant-col-xl-5 ant-col-xxl-4"><a href="/" class="router-link-active home-link"><img src="/assets/logo.svg" alt="狼组安全团队公开知识库" class="logo"> <span class="site-name">狼组安全团队公开知识库</span></a> <div class="search-box mobile-search"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div></div> <div class="ant-col ant-col-xs-0 ant-col-sm-0 ant-col-md-18 ant-col-lg-19 ant-col-xl-19 ant-col-xxl-20"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><ul role="menu" id="nav" class="ant-menu ant-menu-horizontal ant-menu-root ant-menu-light"><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/" class="router-link-active">
          首页
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/guide/">
          使用指南
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/knowledge/" class="router-link-active">
          知识库
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/opensource/">
          开源项目
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="visibility:hidden;position:absolute;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li></ul> <a href="https://github.com/wgpsec" target="_blank" rel="noopener noreferrer" class="repo-link"><i aria-label="icon: github" class="anticon anticon-github"><svg viewBox="64 64 896 896" focusable="false" data-icon="github" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M511.6 76.3C264.3 76.2 64 276.4 64 523.5 64 718.9 189.3 885 363.8 946c23.5 5.9 19.9-10.8 19.9-22.2v-77.5c-135.7 15.9-141.2-73.9-150.3-88.9C215 726 171.5 718 184.5 703c30.9-15.9 62.4 4 98.9 57.9 26.4 39.1 77.9 32.5 104 26 5.7-23.5 17.9-44.5 34.7-60.8-140.6-25.2-199.2-111-199.2-213 0-49.5 16.3-95 48.3-131.7-20.4-60.5 1.9-112.3 4.9-120 58.1-5.2 118.5 41.6 123.2 45.3 33-8.9 70.7-13.6 112.9-13.6 42.4 0 80.2 4.9 113.5 13.9 11.3-8.6 67.3-48.8 121.3-43.9 2.9 7.7 24.7 58.3 5.5 118 32.4 36.8 48.9 82.7 48.9 132.3 0 102.2-59 188.1-200 212.9a127.5 127.5 0 0 1 38.1 91v112.5c.8 9 0 17.9 15 17.9 177.1-59.7 304.6-227 304.6-424.1 0-247.2-200.4-447.3-447.5-447.3z"></path></svg></i></a></nav></div></div> <!----></header> <aside class="sidebar"><div><div class="promo"><div id="promo_3"><div class="promo_title">赞助商</div> <button type="button" class="ant-btn ant-btn-primary ant-btn-background-ghost"><span>成为赞助商</span></button></div></div> <div role="separator" id="reset-margin" class="ant-divider ant-divider-horizontal ant-divider-dashed"></div></div> <ul class="sidebar-links"><li><a href="/knowledge/" aria-current="page" title="知识库广告位招租" class="sidebar-link">知识库广告位招租</a></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>CTF</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading open"><span>基础知识</span> <span class="arrow down"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/knowledge/base/" aria-current="page" title="分类简介" class="sidebar-link">分类简介</a></li><li><a href="/knowledge/base/safety.html" title="网络安全设备常识" class="sidebar-link">网络安全设备常识</a></li><li><a href="/knowledge/base/network-web.html" title="【网络基础】Web应用常识" class="sidebar-link">【网络基础】Web应用常识</a></li><li><a href="/knowledge/base/network-tcp-ip.html" title="【网络基础】TCP/IP协议" class="sidebar-link">【网络基础】TCP/IP协议</a></li><li><a href="/knowledge/base/network-http.html" title="【网络基础】HTTP协议" class="sidebar-link">【网络基础】HTTP协议</a></li><li><a href="/knowledge/base/network-https.html" title="【网络基础】SSL双向认证" class="sidebar-link">【网络基础】SSL双向认证</a></li><li><a href="/knowledge/base/network-route.html" title="【网络基础】路由协议" class="sidebar-link">【网络基础】路由协议</a></li><li><a href="/knowledge/base/linux-cmd.html" aria-current="page" title="【操作系统】Linux基础命令" class="active sidebar-link">【操作系统】Linux基础命令</a></li><li><a href="/knowledge/base/linux-awk.html" title="【操作系统】Linux三剑客" class="sidebar-link">【操作系统】Linux三剑客</a></li><li><a href="/knowledge/base/git-base.html" title="Git基本用法" class="sidebar-link">Git基本用法</a></li><li><a href="/knowledge/base/docker-base.html" title="Docker微服务构建指南" class="sidebar-link">Docker微服务构建指南</a></li></ul></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>工具手册</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>Web安全</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>攻防对抗</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>代码审计</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li></ul></aside> <main class="page"> <div class="theme-antdocs-content content__default"><h1 id="linux基础命令">Linux基础命令 <a href="#linux基础命令" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>pwd、cd 、ls -al、touch、mkdir
cp、mv、rm、find / -name xx* 、du<span class="token punctuation">(</span>计算目录容量<span class="token punctuation">)</span>
cat、more <span class="token punctuation">(</span>逐页阅读,空格下一页，b返回上一页<span class="token punctuation">)</span>
<span class="token function">head</span> -n <span class="token number">2</span> xx.txt	<span class="token comment">#查看前两行</span>
<span class="token function">tail</span> -n <span class="token number">3</span> ca.*		<span class="token comment">#查看ca开头的文件的后3行</span>
<span class="token function">grep</span>	<span class="token comment">#正则匹配，搜索文本</span>
<span class="token builtin class-name">echo</span>	<span class="token comment">#用于在shell中打印shell变量的值，或者直接输出指定的字符串</span>
<span class="token function">ln</span> -s 源文件 目标文件		<span class="token comment">#(-s软链接、不可删除源文件；硬链接时，源文件只能为文件不能是目录)</span>

<span class="token function">wc</span> <span class="token comment">#显示文件的行、单词、字节统计信息（-l、-w、-c）</span>

Vim工作模式：普通模式、插入模式<span class="token punctuation">(</span>i<span class="token punctuation">)</span>、命令模式<span class="token punctuation">(</span>:<span class="token punctuation">)</span>
Vim查找替换：普通模式下-<span class="token operator">&gt;</span> /向下查找 ?向上查找 n跳到下一个匹配处
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br></div></div><h1 id="账户管理">账户管理 <a href="#账户管理" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">id</span>		<span class="token comment">#打印用户的UID和GID，root组的GID号是：0，bin组GID号是：1，daemon组GID号是：2，sys组GID号是：3</span>
<span class="token function">passwd</span>	<span class="token comment">#后单跟用户名跟改密码</span>
-l	<span class="token comment">#锁定用户不能跟改密码</span>
-d	<span class="token comment">#清除用户密码</span>
-S	<span class="token comment">#查询用户密码状态</span>

<span class="token function">useradd</span>		<span class="token comment">#添加用户，-d指定家目录，-g指定主要组，-G指定次要组，-s指定缺省shell</span>
<span class="token function">groupadd</span>	<span class="token comment">#添加组，-g指定组ID</span>
<span class="token function">usermod</span>		<span class="token comment">#修改用户信息，-e有效期，-f宽限天数，-l账户名称，-L锁定用户，-u修改用户ID</span>
<span class="token function">userdel</span>		<span class="token comment">#删除用户，-f强制删除 即使用户已登录，-r同时删除用户相关所有文件</span>
<span class="token function">groupdel</span>	<span class="token comment">#删除工作组</span>

<span class="token comment">#账户信息文件：/etc/passwd</span>
root:x:0:0:root:/root:/bin/bash
用户名：密码：用户ID：组ID：用户说明<span class="token punctuation">(</span>描述<span class="token punctuation">)</span>：用户主<span class="token punctuation">(</span>家<span class="token punctuation">)</span>目录：缺省shell<span class="token punctuation">(</span>登陆后的shell<span class="token punctuation">)</span>
注意：无密码只允许本机登陆，远程不允许登陆

<span class="token comment">#账户密码文件：/etc/shadow</span>
root:<span class="token variable">$Gs1qhL2p3ZetrE4</span>.kMHx6qgbTcjQSt.Ft7ql1WpkopY/:16809:0:99999:7:::
用户名：加密密码：密码最后一次修改日期：两次密码的修改时间间隔：
密码有效期：密码到期的警告天数：密码过期宽限天数：账号失效时间：保留

<span class="token comment">#组账户信息文件：/etc/group</span>
root:x:0:
组名：口令：组标识号：组内用户列表

<span class="token function">who</span>		<span class="token comment">#查看当前登录用户（tty本地登陆  pts远程登录）</span>
w		<span class="token comment">#查看系统信息，想知道某一时刻用户的行为</span>
<span class="token function">uptime</span>	<span class="token comment">#查看登陆多久、多少用户，负载</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br></div></div><h1 id="文件和目录权限管理">文件和目录权限管理 <a href="#文件和目录权限管理" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>drwx-rwx-rwx <span class="token comment">#d代表目录、读、写、执行（4、2、1） -&gt; user、group、other -&gt; 所有者用户、组、其他用户的权限</span>
<span class="token function">chmod</span> <span class="token comment">#改变文件和目录权限</span>
<span class="token function">chown</span> <span class="token comment">#改变文件和目录所有者和组</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><h1 id="计划任务">计划任务 <a href="#计划任务" class="header-anchor">#</a></h1> <p>都是以当前用户的权限去执行计划任务的</p> <h2 id="at一次性计划任务">at一次性计划任务 <a href="#at一次性计划任务" class="header-anchor">#</a></h2> <p>需要开启<code>atd</code>服务(需要root权限)</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">sudo</span> /etc/init.d/atd restart
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><strong>at的运行方式</strong></p> <p>事实上我们仅使用at命令来生成所要运行的工作，并将这个工作以文本文件的方式写入/var/spool/at目录内</p> <p>该工作就可以被<code>atd</code>服务取用并执行，at的实际工作情况是这样的：</p> <blockquote><p>1：先查找<code>/etc/at.allow</code>文件，写在这个文件中的用户才可以使用at，没有在<code>at.allow</code>文件中的用户就不可以使用，即使<code>at.deny</code>中也没有</p> <p>2：如果<code>at.allow</code>不存在，就查找<code>/etc/at.deny</code>，写在这个文件中的用户都不能使用at，而其他用户都可以使用at</p> <p>3：如果两个文件都不存在，那么就只有root用户可以执行at</p></blockquote> <p><strong>选项参数：</strong></p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>-l		<span class="token comment">#相当于atq，列出系统上该用户的所有at调度</span>
-d		<span class="token comment">#相当于atrm，取消一个在at中调度的工作</span>
-v		<span class="token comment">#使用较明显的时间格式列出at调度中的任务列表</span>
-c		<span class="token comment">#查看at计划任务的具体内容，后接job名</span>

$ at <span class="token number">18</span>:00
at<span class="token operator">&gt;</span>sh cmd.sh
at<span class="token operator">&gt;</span><span class="token punctuation">(</span>输入ctrl+d<span class="token punctuation">)</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><h2 id="crontab-周期性计划任务">crontab 周期性计划任务 <a href="#crontab-周期性计划任务" class="header-anchor">#</a></h2> <p>(user权限不能查看<code>www-data</code>权限的任务)</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>-u	<span class="token comment">#只有root用户可以执行这个任务，也即帮其他用户新建、删除任务</span>
-e	<span class="token comment">#edit user's crontab</span>
-l	<span class="token comment">#list user's crontab</span>
-r	<span class="token comment">#delete user's crontab</span>
-i	<span class="token comment">#prompt before deleting user's crontab</span>

<span class="token comment">#================#</span>
<span class="token comment">#======例子======#</span>
<span class="token comment">#================#</span>

<span class="token number">0</span> <span class="token number">12</span> * * * <span class="token function">sh</span> shell.sh
<span class="token comment">#上边这条任务代表每天12点执行一次 sh shell.sh</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br></div></div><p>前面5个字段分别表示<strong>分钟</strong>，<strong>小时</strong>，<strong>日期</strong>，<strong>月份</strong>，<strong>周</strong>，后面接的是命令</p> <table><thead><tr><th>代表意义</th> <th>分钟</th> <th>小时</th> <th>日期</th> <th>月份</th> <th>周</th> <th>命令</th></tr></thead> <tbody><tr><td>数字范围</td> <td>0-59</td> <td>0-23</td> <td>0-31</td> <td>0-12</td> <td>0-7</td> <td>要执行的命令</td></tr></tbody></table> <p>其中周里面的0和7都代表周日，注意周与日月不可并存</p> <p><strong>特殊字符：</strong></p> <table><thead><tr><th>特殊字符</th> <th>代表意义</th></tr></thead> <tbody><tr><td>*（星号）</td> <td>任意时刻，如0 12 * * * sh <code>shell.sh</code>的*代表每个月的每个周中的每一天</td></tr> <tr><td>,（逗号）</td> <td>代表分割时段，例如0 3,6 * * * command，表示在3点和6点时执行任务，<strong>注意不要有空格符</strong></td></tr> <tr><td>-（减号）</td> <td>代表时间段范围，例如在凌晨1点到6点的30分的时候执行command命令则应该是 30 1-6 * * * command</td></tr> <tr><td>/n</td> <td>表示每隔n个单位间隔执行一次的意思，*/11-23 * * * command表示凌晨1到晚上23点时间段内每隔1分钟执行一次</td></tr></tbody></table> <h1 id="网络监控netstat">网络监控netstat <a href="#网络监控netstat" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">netstat</span>	<span class="token comment">#打印网络连接、路由表、网络接口统计信息</span>
-a		<span class="token comment">#显示所有socket，包括正在监听的</span>
-n 		<span class="token comment">#使用数字形式的IP</span>
-t 		<span class="token comment">#查看tcp连接信息</span>
-p 		<span class="token comment">#显示进程及对应ID号</span>

-l 		<span class="token comment">#显示正在监听的sockets接口信息</span>
-u 		<span class="token comment">#查看udp连接信息</span>
-s 		<span class="token comment">#显示各种协议统计信息</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div><p><strong>查看当前端口连接</strong></p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">netstat</span> -antp
ss -l
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>ss的优势在于它能够显示更多更详细的有关TCP和连接状态的信息，而且比netstat更快速更高效。</p> <h1 id="windows平台netstat详解">Windows平台netstat详解 <a href="#windows平台netstat详解" class="header-anchor">#</a></h1> <blockquote><p>netstat 用于显示与IP 、TCP 、UDP 和ICMP 协议相关的统计数据，一般用于检验本机各端口的网络连接情况.</p></blockquote> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>-a  显示所有连接和监听端口
-n  以数字形式显示地址和端口号，显示所有已建立的有效连接
-o  显示进程 PID

-p  proto ,指定协议TCP、UDP
-r  打印路由表，通route print
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p><strong>状态列表</strong></p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>LISTEN		<span class="token comment">#在监听状态中</span>
ESTABLISHED	<span class="token comment">#已建立联机的联机情况</span>
TIME_WAIT	<span class="token comment">#该联机在目前已经是等待的状态</span>
CLOSE_WAIT	<span class="token comment">#被动关闭的一方，收到FIN包后，协议层回复ACK（阻塞住了）</span>
FIN_WAIT_2	<span class="token comment">#主动关闭的一方等待对方关闭</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><p><strong>对外发包还是被连接？</strong>
高端口连接低端口</p> <h1 id="进程监控-ps">进程监控 PS <a href="#进程监控-ps" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token comment">#grep表示在这些里搜索，而ps aux是显示所有进程和其状态</span>
<span class="token function">ps</span> aux <span class="token operator">|</span> <span class="token function">grep</span> amoeba		<span class="token comment">#查到amoeba的进程</span>
<span class="token function">kill</span> -s <span class="token number">9</span> pid				<span class="token comment">#杀死进程</span>


a 	<span class="token comment">#显示现行终端机下的所有程序，包括其他用户的程序</span>
u 　<span class="token comment">#以用户为主的格式来显示程序状况。 </span>
x 　<span class="token comment">#显示所有程序，不以终端机来区分</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><p><strong>Linux上进程有5种状态:</strong></p> <blockquote><ol><li><p><strong>运行</strong>          (正在运行或在运行队列中等待)</p></li> <li><p><strong>中断</strong>          (休眠中, 受阻, 在等待某个条件的形成或接受到信号)</p></li> <li><p><strong>不可中断</strong>   (收到信号不唤醒和不可运行, 进程必须等待直到有中断发生)</p></li> <li><p><strong>僵死</strong>          (进程已终止, 但进程描述符存在, 直到父进程调用wait4()系统调用后释放)</p></li> <li><p><strong>停止</strong>          (进程收到SIGSTOP, SIGSTP, SIGTIN, SIGTOU信号后停止运行运行)</p></li></ol></blockquote> <p><strong><code>ps aux</code>输出格式：</strong></p> <div class="language-http line-numbers-mode"><pre class="language-http"><code>USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><strong>格式说明：</strong></p> <blockquote><p><code>USER</code>: 行程拥有者</p> <p><code>PID: pid</code></p> <p><code>%CPU</code>: 占用的 CPU 使用率</p> <p><code>%MEM</code>: 占用的记忆体使用率</p> <p><code>VSZ</code>: 占用的虚拟记忆体大小</p> <p><code>RSS</code>: 占用的记忆体大小</p> <p><code>TTY</code>: 终端的次要装置号码 (minor device number of tty)</p> <p><code>STAT</code>: 该行程的状态，<code>linux</code>的进程有5种状态：</p> <ul><li>D 不可中断 <code>uninterruptible</code> sleep (usually IO)</li> <li>R 运行 runnable (on run queue)</li> <li>S 中断 sleeping</li> <li>T 停止 traced or stopped</li> <li>Z 僵死 a defunct (”zombie”) process</li></ul> <p>​     注: 其它状态还包括W(无驻留页), &lt;(高优先级进程), N(低优先级进程), L(内存锁页)</p> <p>START: 行程开始时间</p> <p>TIME: 执行的时间</p> <p>COMMAND:所执行的指令</p></blockquote> <h1 id="wget和curl命令">wget和curl命令 <a href="#wget和curl命令" class="header-anchor">#</a></h1> <p><strong>wget</strong></p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>wget命令用来从指定URL下载文件，稳定、支持断点续传。

-O  <span class="token comment">#重命名下载的文件</span>
-c  <span class="token comment">#断点续传</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p><strong>curl</strong></p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>curl命令是一个利用URL规则在命令行下工作的文件传输工具

-O  <span class="token comment">#把服务器响应输出到指定文件</span>
-L  <span class="token comment">#自动跳转到重定向链接</span>
-i  <span class="token comment">#输出包含响应头的信息</span>
-I  <span class="token comment">#仅输出响应头</span>
-v  <span class="token comment">#显示http通信过程，包括端口连接和http request头信息</span>
-X  <span class="token comment">#指定请求方式（GET|POST|PUT）</span>
-H  <span class="token comment">#添加请求头（'key:value'）</span>
-d  <span class="token comment">#指定POST请求体</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><h1 id="linux后台执行命令">Linux后台执行命令 <a href="#linux后台执行命令" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token number">1</span>、ctrl + z     <span class="token comment">#将一个正在前台执行的命令放到后台，并且处于暂停状态</span>
<span class="token number">2</span>、bg           <span class="token comment">#将一个在后台暂停的命令，变成在后台继续执行 （配合上边的1在后台运行）</span>
<span class="token number">3</span>、<span class="token operator">&amp;</span>            <span class="token comment">#命令后加个&amp;符号</span>
<span class="token number">4</span>、nohup ./task 
<span class="token comment">#命令前添加nohup，让程序始终在后台执行，即使关闭当前的终端也执行（用exit退出账户）</span>
<span class="token comment">#ps查看此进程，jobs无法查看</span>

<span class="token number">5</span>、jobs         <span class="token comment">#查看后台运行的命令</span>
<span class="token number">6</span>、fg           <span class="token comment">#将后台中的命令调至前台继续运行</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div><h1 id="获取-proc目录信息">获取/proc目录信息 <a href="#获取-proc目录信息" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">ls</span> /proc	<span class="token comment">#系统信息，硬件信息，内核版本，加载的模块，进程；可以用来提升权限</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>其中的部分文件分别对应正在运行的进程，可用于访问当前进程的地址空间。</p> <p>它是一个非常特殊的虚拟文件系统，其中并不包含“实际的”文件，而是可用以引用当前运行系统的系统信息，</p> <p>如CPU、内存、运行时间、软件配置以及硬件配置的信息，这些信息是在内存中由系统自己产生的。</p> <p><code>/proc/net</code>   其中的文件分别表示各种网络协议（如TCP、UDP以及ARP等）的状态与统计信息。
<code>/proc/sys</code>  这个目录不仅存有各种系统信息，而且也包含系统内核与TCP/IP网络的可调参数。</p> <p>其中的kernel子目录含有共享内存和消息队列的可调参数，net子目录中含有TCP/IP的各种可调参数。</p> <h1 id="centos系统设置">Centos系统设置 <a href="#centos系统设置" class="header-anchor">#</a></h1> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token comment">#Centos最小化安装时没有ifconfig等命令</span>
yum provides <span class="token function">ifconfig</span> 	<span class="token comment">#查看那个组件包,包含了 ifconfig 命令</span>
yum -y <span class="token function">install</span> net-tools	<span class="token comment">#安装组件包</span>

<span class="token comment">#配置静态 IP 地址并访问互联网</span>
<span class="token function">vi</span> /etc/sysconfig/network-scripts/ifcfg-ens33

<span class="token assign-left variable">BOOTPROTO</span><span class="token operator">=</span>dhcp/static <span class="token comment">#静态 IP</span>
<span class="token assign-left variable">IPADDR</span><span class="token operator">=</span><span class="token number">192.168</span>.1.11 <span class="token comment">#本机地址</span>
<span class="token assign-left variable">NETMASK</span><span class="token operator">=</span><span class="token number">255.255</span>.255.0 <span class="token comment">#子网掩码</span>
<span class="token assign-left variable">GATEWAY</span><span class="token operator">=</span><span class="token number">192.168</span>.1.255 <span class="token comment">#默认网关</span>

<span class="token function">vi</span> /etc/resolv.conf
nameserver <span class="token number">114.114</span>.114.114	<span class="token comment">#配置DNS</span>

<span class="token function">service</span> network restart 	<span class="token comment">#重启网络</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br></div></div><h3 id="防火墙-firewall-和-selinux-打开和关闭">防火墙 FireWall 和 SELinux 打开和关闭 <a href="#防火墙-firewall-和-selinux-打开和关闭" class="header-anchor">#</a></h3> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>firewall-cmd --state				<span class="token comment">#查看防火墙状态</span>
systemctl start firewall.service	<span class="token comment">#开启防火墙</span>
systemctl stop firewall.service		<span class="token comment">#停止防火墙</span>
systemctl disable firewall.service	<span class="token comment">#禁止开机启动</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p>SELinux是「Security-Enhanced Linux」的简称，是Linux的一个扩张强制访问控制安全模块</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token comment">#临时关闭SELinux，1启用</span>
setenforce <span class="token number">0</span>

<span class="token comment">#永久关闭</span>
<span class="token function">vim</span> /etc/selinux/config/  --<span class="token operator">&gt;</span> <span class="token assign-left variable">SELINUX</span><span class="token operator">=</span>disabled

<span class="token comment"># SELINUX参数enforcing代表打开，disabled代表关闭</span>
<span class="token comment"># 查看selinux状态： getenforce</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><h3 id="systemctl-命令使用详解">systemctl 命令使用详解 <a href="#systemctl-命令使用详解" class="header-anchor">#</a></h3> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token comment">#列出当前系统服务的状态</span>
systemctl list-units

<span class="token comment">#列出服务的开机状态</span>
systemctl list-units-files

<span class="token comment">#列出指定服务的状态</span>
systemctl status sshd

<span class="token comment">#重启服务</span>
systemctl restart sshd

<span class="token comment">#设定指定服务开机开启</span>
systemctl <span class="token builtin class-name">enable</span> sshd

systemctl set-default multi-user.target		<span class="token comment">#开机不开启图形</span>
systemctl set-default graphical.target		<span class="token comment">#开机启动图形</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br></div></div><h3 id="配置防火墙">配置防火墙 <a href="#配置防火墙" class="header-anchor">#</a></h3> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token comment">#查询端口是否开放</span>
firewall-cmd --query-port<span class="token operator">=</span><span class="token number">80</span>/tcp

<span class="token comment">#开放80端口</span>
firewall-cmd --permanent --add-port<span class="token operator">=</span><span class="token number">80</span>/tcp

<span class="token comment">#移除端口</span>
firewall-cmd --permanent --remove-port<span class="token operator">=</span><span class="token number">80</span>/tcp

<span class="token comment">#重启防火墙(修改配置后要重启防火墙)</span>
firewall-cmd --reload

<span class="token comment">#参数解释</span>
<span class="token number">1</span>、firwall-cmd：是Linux提供的操作firewall的一个工具；
<span class="token number">2</span>、--permanent：表示设置为持久；
<span class="token number">3</span>、--add-port：标识添加的端口；

<span class="token comment">#针对某个 IP开放端口</span>
firewall-cmd --permanent --add-rich-rule<span class="token operator">=</span><span class="token string">&quot;rule family=&quot;</span>ipv4<span class="token string">&quot; source address=&quot;</span><span class="token number">192.168</span>.189.128<span class="token string">&quot; port protocol=&quot;</span>tcp<span class="token string">&quot; port=&quot;</span><span class="token number">80</span><span class="token string">&quot; accept&quot;</span>

<span class="token comment">#删除某个IP</span>
firewall-cmd --permanent --remove-rich-rule<span class="token operator">=</span><span class="token string">&quot;rule family=&quot;</span>ipv4<span class="token string">&quot; source address=&quot;</span><span class="token number">192.168</span>.189.128<span class="token string">&quot; accept&quot;</span>

<span class="token comment">#针对一个ip段允许访问</span>
firewall-cmd --permanent --add-rich-rule<span class="token operator">=</span><span class="token string">&quot;rule family=&quot;</span>ipv4<span class="token string">&quot; source address=&quot;</span><span class="token number">192.168</span>.0.0/16<span class="token string">&quot; accept&quot;</span>
firewall-cmd --permanent --add-rich-rule<span class="token operator">=</span><span class="token string">&quot;rule family=&quot;</span>ipv4<span class="token string">&quot; source address=&quot;</span><span class="token number">192.168</span>.1.0/24<span class="token string">&quot; port protocol=&quot;</span>tcp<span class="token string">&quot; port=&quot;</span><span class="token number">9200</span><span class="token string">&quot; accept&quot;</span>

<span class="token comment">#重启防火墙(修改配置后要重启防火墙)</span>
firewall-cmd --reload
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br></div></div><h3 id="iptables工作在tcpip模型中的第七层-应用层">iptables工作在TCPIP模型中的第七层，应用层 <a href="#iptables工作在tcpip模型中的第七层-应用层" class="header-anchor">#</a></h3> <blockquote><p>目前市面上比较常见的有3、4层的防火墙，叫网络层的防火墙，还有7层的防火墙，其实是代理层的网关。</p> <p>对于TCP/IP的七层模型来讲，我们知道第三层是网络层，三层的防火墙会在这层对源地址和目标地址进行检测。</p> <p>但是对于七层的防火墙，不管你源端口或者目标端口，源地址或者目标地址是什么，都将对你所有的东西进行检查。</p> <p>所以，对于设计原理来讲，七层防火墙更加安全，但是这却带来了效率更低。</p> <p>所以市面上通常的防火墙方案，都是两者结合的。</p> <p>而又由于我们都需要从防火墙所控制的这个口来访问</p> <p>所以防火墙的工作效率就成了用户能够访问数据多少的一个最重要的控制</p> <p>配置的不好甚至有可能成为流量的瓶颈。</p></blockquote> <p>附：<a href="https://www.linuxcool.com/" target="_blank" rel="noopener noreferrer">Linux命令手册<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p></div> <footer class="page-edit"><!----> <div class="last-updated"><span class="prefix">上次更新:</span> <span class="time">12/18/2021, 12:46:42 PM</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev"><a href="/knowledge/base/network-route.html" class="prev"><i aria-label="icon: left" class="anticon anticon-left"><svg viewBox="64 64 896 896" focusable="false" data-icon="left" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M724 218.3V141c0-6.7-7.7-10.4-12.9-6.3L260.3 486.8a31.86 31.86 0 0 0 0 50.3l450.8 352.1c5.3 4.1 12.9.4 12.9-6.3v-77.3c0-4.9-2.3-9.6-6.1-12.6l-360-281 360-281.1c3.8-3 6.1-7.7 6.1-12.6z"></path></svg></i>
        【网络基础】路由协议
      </a></span> <span class="next"><a href="/knowledge/base/linux-awk.html">
        【操作系统】Linux三剑客
        <i aria-label="icon: right" class="anticon anticon-right"><svg viewBox="64 64 896 896" focusable="false" data-icon="right" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M765.7 486.8L314.9 134.7A7.97 7.97 0 0 0 302 141v77.3c0 4.9 2.3 9.6 6.1 12.6l360 281.1-360 281.1c-3.9 3-6.1 7.7-6.1 12.6V883c0 6.7 7.7 10.4 12.9 6.3l450.8-352.1a31.96 31.96 0 0 0 0-50.4z"></path></svg></i></a></span></p></div> </main> <!----></div><div class="global-ui"></div></div>
    <script src="/assets/js/app.f7464420.js" defer></script><script src="/assets/js/2.26207483.js" defer></script><script src="/assets/js/17.627e2976.js" defer></script>
  </body>
</html>